Maryland 20-year-old indicted on hacking, fraud charges

A Seattle grand jury has indicted a Maryland man accused of hacking into the credit card systems of several Seattle businesses and using stolen funds to fuel his heroin addiction.

Currently in inpatient treatment for drug addition, 20-year-old Christopher A. Schroebel is facing federal hacking charges related to a string of high-tech thefts from Seattle restaurant-goers.

Federal prosecutors in Seattle contend Schroebel was selling credit card information through an online black market while also using the cards himself. A search of computer equipment tied to him allegedly uncovered information stolen from 4,800 credit cards, as well as dozens of malicious software programs meant to enable theft.

Asserting that Schroebel may have had help, Seattle Detective David Dunn said those responsible for the thefts planted malicious software – malware – into the computer systems at several businesses. The malware then relayed customers’ credit card information to a server allegedly controlled by Schroebel.

Dunn, who is assigned to a U.S. Secret Service electronic crimes task force, told the court that hackers often target credit card handling systems through remote-access capabilities, meant to allow a technician to make repairs without coming to a business.

“If the system is not properly secured, hackers can use this same remote access capability to … take full control of the system and install malware on it,” Dunn said in court documents. “Once malware has been installed, the hacker is able to collect and steal customer credit card data, and then to resell the stolen credit card numbers for fraudulent use by others, or to use it.”

Most hacks go undetected for months and are usually only detected when several customers complain their card numbers have been stolen, or their financial institutions notice extreme fraud and contact authorities.

In Schroebel’s case, the former is alleged to have occurred.

The owner of a Magnolia neighborhood restaurant contacted police in August after receiving complaints from several customers that their cards were compromised.

Investigators later determined the customers’ complaints were founded – information from cards compromised at the restaurant was used for a fraud in excess of $10,000. Police also found that keystroke-logging software had been installed in the system, enabling a hacker to see what was typed on a compromised computer.

Seattle Police Department fraud investigators had also been called to a similar fraud at a Shoreline restaurant supply store. There, as in the restaurant fraud, a hacker compromised the computer system and harvested customers’ credit card information.

Writing the court, Dunn said he determined malware had been downloaded to the computer systems remotely. Investigators traced the malware to a server associated with Schroebel, who is alleged to have included his own birth date in the passwords used to access the software.

A review of Schroebel’s bank records showed that he deposited thousands of dollars into a previously dormant account. Much of the money had been converted to an online currency – “Liberty Reserve” – not backed by any national bank, then converted to U.S. dollars.

“Liberty Reserve is one of the primary methods used by the online criminal underworld to transfer money, because of the anonymity that it offers,” Dunn told the court. “Legitimate financial transfers do not use Liberty Reserve because there is no real method of recourse.

“If money disappeared from the system, there is no verified backing to the system or regulating entity.”

From March until August, nearly $122,000 was deposited in Schroebel’s account, according to court documents. Investigators claim much of that money was moved as Liberty Reserve currency through a Hong Kong-based firm.

While Schroebel is alleged to have pulled much of the money from the compromised accounts by recoding credit cards with stolen information, Dunn said, he likely also sold stolen information and was paid for it through Liberty Reserve.

In court documents, Dunn noted that the servers used in the hacks also host a website associated with Schroebel that advertises and sells herbal penis enlargement treatments. Nearly all the activity on those servers, though, is alleged to have been aimed at fraud.

Having obtained a warrant, investigators searched the server and Schroebel’s family home in Keedysville, Md. According to court documents, investigators found card information for 4,800 credit cards stored on the server, as well as 29 malware programs.

Arriving at Schroebel’s home, Secret Service agents were told the young man had moved out months before and was staying elsewhere with his girlfriend. They also learned Schroebel had become “heavily involved in intravenous heroin use,” Dunn told the court.

Schroebel was arrested Nov. 21 and has since been indicted on multiple charges related to the fraud, including aggravated identity theft.

Following his arrest, Schroebel was placed in an inpatient drug treatment program as he went through heroin withdrawal, according to court documents. He has not yet appeared in U.S. District Court in Seattle to face the charges, though he is expected to do so in coming weeks.